Difference between revisions of "SIM Cards"

From ForensicsWiki
Jump to: navigation, search
m (Reverted edit of Porker, changed back to last version by Yale)
Line 1: Line 1:
[[Image:Simpic.jpg|thumb|A typical SIM card.]]
+
Man shot dead at vehicle checkpoint
 
+
A man has been shot dead by police at a vehicle checkpoint in Northern Ireland. Officers fired a number of rounds during the incident on Church Street in Ballynahinch, County Down. The man shot dead was the
== SIM-Subscriber Identity Module ==
+
 
+
The terms '''SIM''', '''smart card''', and '''UICC''' have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application.  Generally speaking, a smart card is a UICC running a SIM as well as possibly other applications.
+
 
+
SIM is actually just an application running on a smartcard. A given card could contain multiple SIMs, allowing, for instance, a given phone to be used on multiple networks.
+
 
+
A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category. 
+
 
+
A SIM has three major purposes:
+
* Uniquely identify the subscriber
+
* Determines phone number
+
* Contains algorithms for network authentification
+
 
+
A SIM contains:
+
* 16 to 64 KB of memory
+
* Processor
+
* [[Operating system]]
+
 
+
It should be noted that the 16 to 64KB memory limit can be thought of a rule of thumb.  The recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to [http://www.m-systems.com/site/en-US/ M-Systems'] 1GB SIM Card slated for release in late 2006.
+
 
+
== Uses of SIMs ==
+
 
+
SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.
+
 
+
The primary use of SIM cards in the United States is in [[cell phones]]. There are other uses as well. The US military issues smart cards as identification to its personnel.  These cards are used to allow users to log into computers. 
+
 
+
Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.
+
 
+
The SIM uses a hierarchically organized [[file system]] that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another. 
+
 
+
One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owner's information log. This is becoming a problem in European countries with the theft of SIM cards.
+
 
+
== SIM Security ==
+
 
+
There are two things that help secure the information located on your SIM. The [[PIN]] (Personal Identification Number) and the [[PUK]] (Personal Unlocking Code).
+
 
+
When '''PIN protection''' is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered.  The PIN by default is at a standard default number and can be changed on the handset. 
+
 
+
If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or [[SMS]] messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the PIN is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.
+
 
+
== SIM Forensics ==
+
 
+
The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.
+
 
+
In general, some of this data can help an investigator determine:
+
* Phone numbers of calls made/received
+
* Contacts
+
* [[SMS]] details (time/date, recipient, etc.)
+
* SMS text (the message itself)
+
 
+
There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics' [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].  Another example is [http://http://simcon.no/ SIMCon], or SIM Content Controller.  Although it is sold commercialy, the software is offered free of charge to law enforcement agencies.
+
 
+
These software titles can extract such technical data from the SIM card as:
+
* '''Integrated Circuit Card ID (ICCID)''': The serial number of the SIM card
+
* '''International Mobile Subscriber Identity (IMSI)''': A unique identifying number that identifies the phone/subscription to the [[GSM]] network
+
* '''Mobile Country Code (MCC)''': A three-digit code that represents the SIM card's country of origin
+
* '''Mobile Network Code (MNC)''': A two-digit code that represents the SIM card's home network
+
* '''Mobile Subscriber Identification Number (MSIN)''': A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
+
* '''Mobile Subscriber International ISDN Number (MSISDN)''': A number that identifies the phone number used by the headset
+
 
+
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.
+
 
+
== Service Provider Data ==
+
 
+
Some additional information the service provider might store:
+
 
+
* A customer database
+
* [[Call Detail Record]]s (CDR)
+
* [[Home Location Register]] (HLR)
+
* ...
+
 
+
== References ==
+
 
+
* [http://www.sectorforensics.co.uk/sim-examination.shtml Sector Forensics]
+
* [http://www.utica.edu/academic/institutes/ecii/ijde/articles.cfm?action=issue&id=5  IJDE Spring 2003 Volume 2, Issue 1 ]: [http://www.utica.edu/academic/institutes/ecii/publications/articles/A0658858-BFF6-C537-7CF86A78D6DE746D.pdf Forensics and the GSM Mobile Telephone System] (PDF)
+

Revision as of 09:46, 16 April 2006

Man shot dead at vehicle checkpoint A man has been shot dead by police at a vehicle checkpoint in Northern Ireland. Officers fired a number of rounds during the incident on Church Street in Ballynahinch, County Down. The man shot dead was the